WordPress WP Quick Post Duplicator plugin <= 2.0 - Broken Access Control vulnerability
CVE-2023-31214

5.4MEDIUM

Key Information:

Vendor: WordPress
Status: WP Quick Post Duplicator
Vendor: CVE Published:; 9 December 2024

What is CVE-2023-31214?

A missing authorization vulnerability exists in the WP Quick Post Duplicator plugin by Arul Prasad J, which allows attackers to exploit improperly configured access control settings. This flaw can enable unauthorized actions that should be restricted to authenticated users, thereby posing a significant risk to WordPress sites utilizing this plugin. Affected versions include from n/a through 2.0, making it crucial for users to review their configurations and apply necessary security measures to prevent exploitation.

Affected Version(s)

WP Quick Post Duplicator <= 2.0

References

https://patchstack.com/database/wordpress/plugin/wp-quick...

vdb-entry

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 9, 2024
Vulnerability Reserved
Apr 25, 2023

Credit

TaeEun Lee (Patchstack Alliance)